Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:119: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:125: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:129: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:161: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:254: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:278: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:286: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:293: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:350: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:371: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:394: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:100: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:109: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/ci.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cifuzz.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/cifuzz.yml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/cifuzz.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/cifuzz.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cifuzz.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/cifuzz.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cifuzz.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/cifuzz.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/classify.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/classify.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/classify.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/classify.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/classify.yaml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/classify.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/classify.yaml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/classify.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/classify.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/classify.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/publish.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/publish.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/publish.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yaml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/publish.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yaml:66: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/publish.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/publish.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yaml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/publish.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yaml:77: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/publish.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yaml:85: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/publish.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yaml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/publish.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/site-build.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/site-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/site-build.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/site-build.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/site-build.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/site-build.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/stale.yaml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/vulncheck_periodic.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/vulncheck_periodic.yaml/main?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/vulncheck_periodic.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/metallb/metallb/vulncheck_periodic.yaml/main?enable=pin
Warn: containerImage not pinned by hash: configmaptocrs/Dockerfile:3
Warn: containerImage not pinned by hash: configmaptocrs/Dockerfile:37: pin your Docker image by updating gcr.io/distroless/static:latest to gcr.io/distroless/static:latest@sha256:5c7e2b465ac6a2a4e5f4f7f722ce43b147dabe87cb21ac6c4007ae5178a1fa58
Warn: containerImage not pinned by hash: controller/Dockerfile:3
Warn: containerImage not pinned by hash: controller/Dockerfile:37: pin your Docker image by updating gcr.io/distroless/static:latest to gcr.io/distroless/static:latest@sha256:5c7e2b465ac6a2a4e5f4f7f722ce43b147dabe87cb21ac6c4007ae5178a1fa58
Warn: containerImage not pinned by hash: speaker/Dockerfile:3
Warn: containerImage not pinned by hash: speaker/Dockerfile:52: pin your Docker image by updating gcr.io/distroless/static:latest to gcr.io/distroless/static:latest@sha256:5c7e2b465ac6a2a4e5f4f7f722ce43b147dabe87cb21ac6c4007ae5178a1fa58
Warn: goCommand not pinned by hash: dev-env/unittest/setup-envtest.sh:6
Warn: pipCommand not pinned by hash: .github/workflows/ci.yaml:67
Warn: pipCommand not pinned by hash: .github/workflows/publish.yaml:30
Info: 0 out of 24 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 25 third-party GitHubAction dependencies pinned
Info: 0 out of 6 containerImage dependencies pinned
Info: 1 out of 2 goCommand dependencies pinned
Info: 0 out of 2 pipCommand dependencies pinned